7.3
CVE-2025-30357
- EPSS 0.38%
- Veröffentlicht 18.04.2025 15:51:21
- Zuletzt bearbeitet 13.05.2025 15:40:18
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Namelessmc ≫ Nameless Version < 2.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.299 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 2.3 | 4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
|
| security-advisories@github.com | 7.3 | 1 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H
|
CWE-706 Use of Incorrectly-Resolved Name or Reference
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h
https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f